10 February,2009 09:37 AM IST | | Subroto Roy
Sudam Choure, president of cyber cell of the Pune police, believes corporates should adopt the information systems audit to prevent data theft
An expert in online data management and cyber crime told MiD DAY in an exclusive interview that frauds like the Satyam scam can be averted if corporates adopt the information systems (IS) audit.
According to the Reserve Bank of India (RBI) directives, Foreign Institutional Investors (FII) have to follow the information systems audit.
Sudam Choure, president of IT and ITES Association and cyber cell of the Pune police, said that only five per cent of corporates have the IS audit, which makes it simpler for powerful directors to fudge accounts. According to Choure, this is a data theft of sorts.
Choure says that the Satyam scam took place because "Satyam did not maintain an IS auditor to check the flow of finance-related transactional data."
He added that data theft is rampant and most crimes happen because of insider information. "Most cyber crimes and data thefts happen because an insider is involved," added Choure. Banks and financial institutions sell data about customers at Rs 5 to Rs 500 per name, depending on theu00a0 demand.
u00a0
"Air plane operators also sell data of frequent fliers abroad or those flying by J class," he said.
Rampant
Choure, who is on major national committees related to cyber crime and data theft, says the immediate buyer may not be a user.
"The user may be international and the seller often does not know why the data is being demanded," he explained.
Data theft has become so rampant now that private companies, especially middle and large-scale industries, are seriously considering following RBI recommendations.
"Financial auditors are chartered accountants and they have little knowledge about financial data flow within and outside the company computer systems, which is why RBI had made it mandatory for financial companies dealing with public money to maintain IS auditors with proper certification," said Choure.
Five to seven per cent of Indian companies have already adapted the system, according to Choure. However, the number of qualified IS auditors is limited because the certifying agency (Certified Information System Auditor Control Organisation) in the USA conducts a very stringent case.
"The overall passing percentage of this test is hardly one per cent," said Choure, before adding that only those with at least three years of working experience in similar systems are allowed to take the test.
Now, the RBI has okayed a diploma certification to allow chartered accountants to sign IS audit reports. Choure does not approve of this.
"Chartered accountants do not know anything about computer-based data management. Chartered accountants are not allowed to sign the reports without the certification," he said.